U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-38701 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maiciouly fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii ext4_create_inline_data() and ext4_inline_data_truncate().


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://cert-portal.siemens.com/productcert/html/ssa-032379.html siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-082556.html siemens-SADP
https://git.kernel.org/stable/c/099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42 kernel.org Patch 
https://git.kernel.org/stable/c/1199a6399895f4767f0b9a68a6ff47c3f799b7c7 kernel.org Patch 
https://git.kernel.org/stable/c/279c87ef7b9da34f65c2e4db586e730b667a6fb9 kernel.org Patch 
https://git.kernel.org/stable/c/2817ac83cb4732597bf36853fe13ca616f4ee4e2 kernel.org Patch 
https://git.kernel.org/stable/c/7f322c12df7aeed1755acd3c6fab48c7807795fb kernel.org Patch 
https://git.kernel.org/stable/c/8085a7324d8ec448c4a764af7853e19bbd64e17a kernel.org Patch 
https://git.kernel.org/stable/c/81e7e2e7ba07e7c8cdce43ccad2f91adbc5a919c kernel.org Patch 
https://git.kernel.org/stable/c/8a6f89d42e61788605722dd9faf98797c958a7e5 kernel.org Patch 
https://git.kernel.org/stable/c/d960f4b793912f35e9d72bd9d1e90553063fcbf1 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html CVE Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html CVE Mailing List  Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-617 Reachable Assertion cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-38701
NVD Published Date:
09/04/2025
NVD Last Modified:
05/12/2026
Source:
kernel.org